Can you answer my first questions?
Are you suggesting that the W3C should set or limit business terms for how
> content owners or content providers services provide their
> content|services, for example, by eliminating the ability for a content
> providers to use reasonable technical measures to protect against
> unauthorized access to some content?
>
> In other words, are you suggesting that a 3rd party that wished to provide
> or enable a given CDM for two browsers UA1 and UA2 should not be able to do
> so if they must resort to non-public information of any kind in their CDM
> implementation(s)?
On Mon, Feb 11, 2013 at 4:37 AM, Henri Sivonen <hsivonen@iki.fi> wrote:
> On Mon, Feb 11, 2013 at 11:29 AM, Glenn Adams <glenn@skynav.com> wrote:
> > If so, then would you place the same restriction on implementations of
> TLS,
> > which already supports extensible key and bulk encryption systems [1]?
> >
> > [1] http://www.rfc-editor.org/rfc/rfc5246.txt
>
> Drawing comparisons with TLS is a distraction and everyone here should
> already know that it is. Implying that the situation is equivalent is
> completely counterproductive.
>
I believe it a fair comparison.
>
> TLS terminates in the networking stack in such a way that the browser
> is trusted with the decrypted content. EME is designed to account for
> cases where the browser is treated as untrusted to handle decrypted
> content.
>
That is not correct. It is designed to account for cases where hardware is
used to perform certain tasks of the decryption process. It is strictly an
implementation issue regarding what data is exposed to the user agent.